New upstream version 3.1.1

n2n.7

@@ -0,0 +1,132 @@
+.TH "n2n_v3" 7 "Sep 27, 2021" "version 3" "Background"
+.SH NAME
+n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay
+VPN.
+.SH DESCRIPTION
+n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over
+layer 3 encapsulation with data transform capabilities such as encryption and
+compression. This guide also discusses the differences of version 3 of n2n from
+version 2.
+.SH PROTOCOLS
+n2n-3 basically uses the same set of messages to communicate with edges and
+supernodes. However, due to slight packet format changes, the n2n-3 messages
+are not compatible with n2n-2. There is no backward compatibility for n2n-2.
+.SH ENCRYPTION
+n2n-3 offers four different ciphers for payload encryption as well as optional
+header encryption. Earlier versions of n2n-2 provided a mechanism using a key
+schedule which has been removed in n2n-3. A basic user authentication scheme
+relying on asymmetric cryptography has been added to n2n-3.
+
+n2n-3 provides the following ciphers to chose from for payload encryption; more
+can be added as required:
+.TP
+.B (1) NULL
+Data is encapsulated unchanged. Useful for testing and high-performance, low
+sensitivity applications.
+.TP
+.B (2) TF-CTS
+Twofish AES candidate in CTS mode.
+.TP
+.B (3) AES-CTS
+AES in CTS mode with up to 256-bit key.
+.TP
+.B (4) CHACHA20
+ChaCha20, a well known stream cipher developped by Daniel J. Bernstein.
+.TP
+.B (5) SPECK-CTR
+A fast block cipher developped by the NSA used as stream cipher in CTR mode.
+.TP
+Full Header Encyption
+The optional full header encryption also encrypts packets' header which include
+some administrative data. In addition, it adds replay protection.
+.TP
+User Password Authentication
+n2n-3 implements an optional user-password authentication scheme. A key
+generator assists in generating user's public keys to be stored at the
+supernode side.
+.SH COPMPRESSION
+LZO for payload compression is an always available option at n2n-3. If compiled with
+zstdlib support, ZSTD is at optional service as well.
+.SH EXTENSIBILITY
+n2n-3 decouples the data transform system from the core of the edge
+operation. This allows for easier addition of new data transform
+operations. n2n-3 reserves some standard transform identifiers (such as TwoFish
+encryption) but allocates transform identifiers for user-defined
+transforms. This allows anyone to add to n2n new private transforms without
+breaking compatibility with the standard offering.
+.SH FEDERATED SUPERNODES
+n2n-3 incorporates the capability of multiple supernodes to be federated.
+Federation acts transparently and balances the workload evenly among the
+federated supernodes. Supernodes keep track of edges connected to different
+supernodes and forward packets as required. This feature naturally supports
+fail-over and this increases redundancy and resilience.
+.P
+Information on additional supernodes is propagated to all edges. In addition,
+the n2n-3 edge implementation allows multiple supernodes to be specified on the
+command line. Edges monitor the current supernode for responses to
+REGISTER_SUPER as well as PING messages. After three responses from current
+supernode are missed or when a better supernode in terms of significant lower workload
+is found, the edge tries to connect to another supernode. It cycles through the list
+f supernodes which over and over again is sorted according to reported workload.
+
+.SH MANAGEMENT CONSOLE
+Edge and supernode in n2n-3 provide a UDP-based management console. Both listen
+on the localhost address 127.0.0.1. Commands can be sent to the programs by
+sending to the UDP socket. Responses are returned to the socket from which
+commands were issued. This only works from the computer on which the programs
+are running. Statistics can be retrieved and commands issued. The netcat utility
+is all that is required; but more sophisticated tools could be built on the
+interface.
+
+.SH SUPERNODE AUTHENTICATION
+The supernode federation name serves as private key shared between the supernodes only.
+The corresponding public key can be provided to the edges.
+
+.SH MESSAGE SUMMARY
+The following message types work within n2n-3.
+.TP
+REGISTER_SUPER
+Sent from an edge to its local supernode to register its MAC with the community.
+Also, federated supernodes use this packet format to register to each other.
+.TP
+REGISTER_SUPER_ACK
+Sent from a supernode to an edge to confirm registration. This also carries the
+definition of the edge socket as seen at the supernode so NAT can be detected
+and described. Furthermore, it carries information about additional federated
+supernodes.
+.TP
+REGISTER_SUPER_NAK
+Supernode refusing to register an edge.
+.TP
+PACKET
+Encapsulated ethernet packets sent between edges. Supernodes forward or
+broadcast these and edges send them direct in peer-to-peer mode.
+.TP
+REGISTER
+A peer-to-peer mode registration request from one edge to another. Supernodes
+forward these to facilitate NAT crossing introductions.
+.TP
+REGISTER_ACK
+Complete peer-to-peer mode setup between two edges. These messages need to
+travel direct between edges.
+.TP
+QUERY_PEER
+Queries a supernode about another edge, especially its public socket in case of
+no peer-to-peer communication can be established. Additionally, it serves as PING
+to query supernodes about themselves.
+.TP
+PEER_INFO
+Answers the QUERY_PEER; it also covers the special case of the PING query, internally
+called PONG.
+.SH AUTHORS
+.TP
+Richard Andrews andrews (at) ntop.org - main author of n2n-2
+.TP
+Luca Deri
+deri (at) ntop.org - code inherited from n2n-1
+.SH SEE ALSO
+ifconfig(8) edge(8) supernode(1)
+.br
+the documentation contained in the source code
+.br
+the extensive documentation found in n2n's \fBdoc/\fR folder